Commit | Line | Data |
---|---|---|
8ed5eec9 AG |
1 | /* |
2 | * Overlayfs NFS export support. | |
3 | * | |
4 | * Amir Goldstein <amir73il@gmail.com> | |
5 | * | |
6 | * Copyright (C) 2017-2018 CTERA Networks. All Rights Reserved. | |
7 | * | |
8 | * This program is free software; you can redistribute it and/or modify it | |
9 | * under the terms of the GNU General Public License version 2 as published by | |
10 | * the Free Software Foundation. | |
11 | */ | |
12 | ||
13 | #include <linux/fs.h> | |
14 | #include <linux/cred.h> | |
15 | #include <linux/mount.h> | |
16 | #include <linux/namei.h> | |
17 | #include <linux/xattr.h> | |
18 | #include <linux/exportfs.h> | |
19 | #include <linux/ratelimit.h> | |
20 | #include "overlayfs.h" | |
21 | ||
b305e844 AG |
22 | /* |
23 | * We only need to encode origin if there is a chance that the same object was | |
24 | * encoded pre copy up and then we need to stay consistent with the same | |
25 | * encoding also after copy up. If non-pure upper is not indexed, then it was | |
26 | * copied up before NFS export was enabled. In that case we don't need to worry | |
27 | * about staying consistent with pre copy up encoding and we encode an upper | |
28 | * file handle. Overlay root dentry is a private case of non-indexed upper. | |
29 | * | |
30 | * The following table summarizes the different file handle encodings used for | |
31 | * different overlay object types: | |
32 | * | |
33 | * Object type | Encoding | |
34 | * -------------------------------- | |
35 | * Pure upper | U | |
36 | * Non-indexed upper | U | |
05e1f118 AG |
37 | * Indexed upper | L (*) |
38 | * Non-upper | L (*) | |
b305e844 AG |
39 | * |
40 | * U = upper file handle | |
41 | * L = lower file handle | |
05e1f118 AG |
42 | * |
43 | * (*) Connecting an overlay dir from real lower dentry is not always | |
44 | * possible when there are redirects in lower layers. To mitigate this case, | |
45 | * we copy up the lower dir first and then encode an upper dir file handle. | |
b305e844 AG |
46 | */ |
47 | static bool ovl_should_encode_origin(struct dentry *dentry) | |
48 | { | |
05e1f118 AG |
49 | struct ovl_fs *ofs = dentry->d_sb->s_fs_info; |
50 | ||
b305e844 AG |
51 | if (!ovl_dentry_lower(dentry)) |
52 | return false; | |
53 | ||
05e1f118 AG |
54 | /* |
55 | * Decoding a merge dir, whose origin's parent is under a redirected | |
56 | * lower dir is not always possible. As a simple aproximation, we do | |
57 | * not encode lower dir file handles when overlay has multiple lower | |
58 | * layers and origin is below the topmost lower layer. | |
59 | * | |
60 | * TODO: copy up only the parent that is under redirected lower. | |
61 | */ | |
62 | if (d_is_dir(dentry) && ofs->upper_mnt && | |
63 | OVL_E(dentry)->lowerstack[0].layer->idx > 1) | |
64 | return false; | |
65 | ||
b305e844 AG |
66 | /* Decoding a non-indexed upper from origin is not implemented */ |
67 | if (ovl_dentry_upper(dentry) && | |
68 | !ovl_test_flag(OVL_INDEX, d_inode(dentry))) | |
69 | return false; | |
70 | ||
71 | return true; | |
72 | } | |
73 | ||
/*
 * Copy up @dentry unless it already has an upper dentry.
 *
 * Returns 0 when nothing had to be done, otherwise the result of
 * ovl_want_write() if that failed, or the result of ovl_copy_up().
 */
static int ovl_encode_maybe_copy_up(struct dentry *dentry)
{
	int ret = 0;

	if (!ovl_dentry_upper(dentry)) {
		ret = ovl_want_write(dentry);
		if (!ret) {
			ret = ovl_copy_up(dentry);
			/* Pairs with the successful ovl_want_write() above */
			ovl_drop_write(dentry);
		}
	}

	return ret;
}
90 | ||
8ed5eec9 AG |
91 | static int ovl_d_to_fh(struct dentry *dentry, char *buf, int buflen) |
92 | { | |
8ed5eec9 AG |
93 | struct dentry *origin = ovl_dentry_lower(dentry); |
94 | struct ovl_fh *fh = NULL; | |
95 | int err; | |
96 | ||
05e1f118 AG |
97 | /* |
98 | * If we should not encode a lower dir file handle, copy up and encode | |
99 | * an upper dir file handle. | |
100 | */ | |
101 | if (!ovl_should_encode_origin(dentry)) { | |
102 | err = ovl_encode_maybe_copy_up(dentry); | |
103 | if (err) | |
104 | goto fail; | |
105 | ||
8ed5eec9 | 106 | origin = NULL; |
05e1f118 | 107 | } |
8ed5eec9 | 108 | |
03e1c584 AG |
109 | /* Encode an upper or origin file handle */ |
110 | fh = ovl_encode_fh(origin ?: ovl_dentry_upper(dentry), !origin); | |
8ed5eec9 AG |
111 | |
112 | err = -EOVERFLOW; | |
113 | if (fh->len > buflen) | |
114 | goto fail; | |
115 | ||
116 | memcpy(buf, (char *)fh, fh->len); | |
117 | err = fh->len; | |
118 | ||
119 | out: | |
120 | kfree(fh); | |
121 | return err; | |
122 | ||
123 | fail: | |
124 | pr_warn_ratelimited("overlayfs: failed to encode file handle (%pd2, err=%i, buflen=%d, len=%d, type=%d)\n", | |
125 | dentry, err, buflen, fh ? (int)fh->len : 0, | |
126 | fh ? fh->type : 0); | |
127 | goto out; | |
128 | } | |
129 | ||
130 | static int ovl_dentry_to_fh(struct dentry *dentry, u32 *fid, int *max_len) | |
131 | { | |
132 | int res, len = *max_len << 2; | |
133 | ||
134 | res = ovl_d_to_fh(dentry, (char *)fid, len); | |
135 | if (res <= 0) | |
136 | return FILEID_INVALID; | |
137 | ||
138 | len = res; | |
139 | ||
140 | /* Round up to dwords */ | |
141 | *max_len = (len + 3) >> 2; | |
142 | return OVL_FILEID; | |
143 | } | |
144 | ||
145 | static int ovl_encode_inode_fh(struct inode *inode, u32 *fid, int *max_len, | |
146 | struct inode *parent) | |
147 | { | |
148 | struct dentry *dentry; | |
149 | int type; | |
150 | ||
151 | /* TODO: encode connectable file handles */ | |
152 | if (parent) | |
153 | return FILEID_INVALID; | |
154 | ||
155 | dentry = d_find_any_alias(inode); | |
156 | if (WARN_ON(!dentry)) | |
157 | return FILEID_INVALID; | |
158 | ||
159 | type = ovl_dentry_to_fh(dentry, fid, max_len); | |
160 | ||
161 | dput(dentry); | |
162 | return type; | |
163 | } | |
164 | ||
8556a420 | 165 | /* |
f71bd9cf | 166 | * Find or instantiate an overlay dentry from real dentries and index. |
8556a420 AG |
167 | */ |
168 | static struct dentry *ovl_obtain_alias(struct super_block *sb, | |
f71bd9cf AG |
169 | struct dentry *upper_alias, |
170 | struct ovl_path *lowerpath, | |
171 | struct dentry *index) | |
8556a420 | 172 | { |
f941866f | 173 | struct dentry *lower = lowerpath ? lowerpath->dentry : NULL; |
f71bd9cf | 174 | struct dentry *upper = upper_alias ?: index; |
8556a420 | 175 | struct dentry *dentry; |
f941866f | 176 | struct inode *inode; |
8556a420 | 177 | struct ovl_entry *oe; |
8556a420 | 178 | |
f71bd9cf AG |
179 | /* We get overlay directory dentries with ovl_lookup_real() */ |
180 | if (d_is_dir(upper ?: lower)) | |
8556a420 AG |
181 | return ERR_PTR(-EIO); |
182 | ||
f71bd9cf | 183 | inode = ovl_get_inode(sb, dget(upper), lower, index, !!lower); |
8556a420 AG |
184 | if (IS_ERR(inode)) { |
185 | dput(upper); | |
186 | return ERR_CAST(inode); | |
187 | } | |
188 | ||
f71bd9cf AG |
189 | if (index) |
190 | ovl_set_flag(OVL_INDEX, inode); | |
191 | ||
8556a420 AG |
192 | dentry = d_find_any_alias(inode); |
193 | if (!dentry) { | |
194 | dentry = d_alloc_anon(inode->i_sb); | |
195 | if (!dentry) | |
196 | goto nomem; | |
f941866f | 197 | oe = ovl_alloc_entry(lower ? 1 : 0); |
8556a420 AG |
198 | if (!oe) |
199 | goto nomem; | |
200 | ||
f941866f AG |
201 | if (lower) { |
202 | oe->lowerstack->dentry = dget(lower); | |
203 | oe->lowerstack->layer = lowerpath->layer; | |
204 | } | |
8556a420 | 205 | dentry->d_fsdata = oe; |
f71bd9cf | 206 | if (upper_alias) |
f941866f | 207 | ovl_dentry_set_upper_alias(dentry); |
8556a420 AG |
208 | } |
209 | ||
210 | return d_instantiate_anon(dentry, inode); | |
211 | ||
212 | nomem: | |
213 | iput(inode); | |
214 | dput(dentry); | |
215 | return ERR_PTR(-ENOMEM); | |
216 | } | |
217 | ||
3985b70a AG |
218 | /* |
219 | * Lookup a child overlay dentry to get a connected overlay dentry whose real | |
220 | * dentry is @real. If @real is on upper layer, we lookup a child overlay | |
221 | * dentry with the same name as the real dentry. Otherwise, we need to consult | |
222 | * index for lookup. | |
223 | */ | |
224 | static struct dentry *ovl_lookup_real_one(struct dentry *connected, | |
225 | struct dentry *real, | |
226 | struct ovl_layer *layer) | |
227 | { | |
228 | struct inode *dir = d_inode(connected); | |
229 | struct dentry *this, *parent = NULL; | |
230 | struct name_snapshot name; | |
231 | int err; | |
232 | ||
233 | /* TODO: lookup by lower real dentry */ | |
234 | if (layer->idx) | |
235 | return ERR_PTR(-EACCES); | |
236 | ||
237 | /* | |
238 | * Lookup child overlay dentry by real name. The dir mutex protects us | |
239 | * from racing with overlay rename. If the overlay dentry that is above | |
240 | * real has already been moved to a parent that is not under the | |
241 | * connected overlay dir, we return -ECHILD and restart the lookup of | |
242 | * connected real path from the top. | |
243 | */ | |
244 | inode_lock_nested(dir, I_MUTEX_PARENT); | |
245 | err = -ECHILD; | |
246 | parent = dget_parent(real); | |
247 | if (ovl_dentry_upper(connected) != parent) | |
248 | goto fail; | |
249 | ||
250 | /* | |
251 | * We also need to take a snapshot of real dentry name to protect us | |
252 | * from racing with underlying layer rename. In this case, we don't | |
253 | * care about returning ESTALE, only from dereferencing a free name | |
254 | * pointer because we hold no lock on the real dentry. | |
255 | */ | |
256 | take_dentry_name_snapshot(&name, real); | |
257 | this = lookup_one_len(name.name, connected, strlen(name.name)); | |
258 | err = PTR_ERR(this); | |
259 | if (IS_ERR(this)) { | |
260 | goto fail; | |
261 | } else if (!this || !this->d_inode) { | |
262 | dput(this); | |
263 | err = -ENOENT; | |
264 | goto fail; | |
265 | } else if (ovl_dentry_upper(this) != real) { | |
266 | dput(this); | |
267 | err = -ESTALE; | |
268 | goto fail; | |
269 | } | |
270 | ||
271 | out: | |
272 | release_dentry_name_snapshot(&name); | |
273 | dput(parent); | |
274 | inode_unlock(dir); | |
275 | return this; | |
276 | ||
277 | fail: | |
278 | pr_warn_ratelimited("overlayfs: failed to lookup one by real (%pd2, layer=%d, connected=%pd2, err=%i)\n", | |
279 | real, layer->idx, connected, err); | |
280 | this = ERR_PTR(err); | |
281 | goto out; | |
282 | } | |
283 | ||
284 | /* | |
285 | * Lookup a connected overlay dentry whose real dentry is @real. | |
286 | * If @real is on upper layer, we lookup a child overlay dentry with the same | |
287 | * path the real dentry. Otherwise, we need to consult index for lookup. | |
288 | */ | |
289 | static struct dentry *ovl_lookup_real(struct super_block *sb, | |
290 | struct dentry *real, | |
291 | struct ovl_layer *layer) | |
292 | { | |
293 | struct dentry *connected; | |
294 | int err = 0; | |
295 | ||
296 | /* TODO: use index when looking up by lower real dentry */ | |
297 | if (layer->idx) | |
298 | return ERR_PTR(-EACCES); | |
299 | ||
300 | connected = dget(sb->s_root); | |
301 | while (!err) { | |
302 | struct dentry *next, *this; | |
303 | struct dentry *parent = NULL; | |
304 | struct dentry *real_connected = ovl_dentry_upper(connected); | |
305 | ||
306 | if (real_connected == real) | |
307 | break; | |
308 | ||
309 | /* Find the topmost dentry not yet connected */ | |
310 | next = dget(real); | |
311 | for (;;) { | |
312 | parent = dget_parent(next); | |
313 | ||
314 | if (parent == real_connected) | |
315 | break; | |
316 | ||
317 | /* | |
318 | * If real has been moved out of 'real_connected', | |
319 | * we will not find 'real_connected' and hit the layer | |
320 | * root. In that case, we need to restart connecting. | |
321 | * This game can go on forever in the worst case. We | |
322 | * may want to consider taking s_vfs_rename_mutex if | |
323 | * this happens more than once. | |
324 | */ | |
325 | if (parent == layer->mnt->mnt_root) { | |
326 | dput(connected); | |
327 | connected = dget(sb->s_root); | |
328 | break; | |
329 | } | |
330 | ||
331 | /* | |
332 | * If real file has been moved out of the layer root | |
333 | * directory, we will eventully hit the real fs root. | |
334 | * This cannot happen by legit overlay rename, so we | |
335 | * return error in that case. | |
336 | */ | |
337 | if (parent == next) { | |
338 | err = -EXDEV; | |
339 | break; | |
340 | } | |
341 | ||
342 | dput(next); | |
343 | next = parent; | |
344 | } | |
345 | ||
346 | if (!err) { | |
347 | this = ovl_lookup_real_one(connected, next, layer); | |
348 | if (IS_ERR(this)) | |
349 | err = PTR_ERR(this); | |
350 | ||
351 | /* | |
352 | * Lookup of child in overlay can fail when racing with | |
353 | * overlay rename of child away from 'connected' parent. | |
354 | * In this case, we need to restart the lookup from the | |
355 | * top, because we cannot trust that 'real_connected' is | |
356 | * still an ancestor of 'real'. | |
357 | */ | |
358 | if (err == -ECHILD) { | |
359 | this = dget(sb->s_root); | |
360 | err = 0; | |
361 | } | |
362 | if (!err) { | |
363 | dput(connected); | |
364 | connected = this; | |
365 | } | |
366 | } | |
367 | ||
368 | dput(parent); | |
369 | dput(next); | |
370 | } | |
371 | ||
372 | if (err) | |
373 | goto fail; | |
374 | ||
375 | return connected; | |
376 | ||
377 | fail: | |
378 | pr_warn_ratelimited("overlayfs: failed to lookup by real (%pd2, layer=%d, connected=%pd2, err=%i)\n", | |
379 | real, layer->idx, connected, err); | |
380 | dput(connected); | |
381 | return ERR_PTR(err); | |
382 | } | |
383 | ||
384 | /* | |
f71bd9cf | 385 | * Get an overlay dentry from upper/lower real dentries and index. |
3985b70a AG |
386 | */ |
387 | static struct dentry *ovl_get_dentry(struct super_block *sb, | |
388 | struct dentry *upper, | |
f71bd9cf AG |
389 | struct ovl_path *lowerpath, |
390 | struct dentry *index) | |
3985b70a AG |
391 | { |
392 | struct ovl_fs *ofs = sb->s_fs_info; | |
393 | struct ovl_layer upper_layer = { .mnt = ofs->upper_mnt }; | |
f71bd9cf | 394 | struct dentry *real = upper ?: (index ?: lowerpath->dentry); |
3985b70a | 395 | |
f941866f | 396 | /* |
f71bd9cf AG |
397 | * Obtain a disconnected overlay dentry from a non-dir real dentry |
398 | * and index. | |
f941866f | 399 | */ |
f71bd9cf AG |
400 | if (!d_is_dir(real)) |
401 | return ovl_obtain_alias(sb, upper, lowerpath, index); | |
f941866f AG |
402 | |
403 | /* TODO: lookup connected dir from real lower dir */ | |
3985b70a AG |
404 | if (!upper) |
405 | return ERR_PTR(-EACCES); | |
406 | ||
3985b70a AG |
407 | /* Removed empty directory? */ |
408 | if ((upper->d_flags & DCACHE_DISCONNECTED) || d_unhashed(upper)) | |
409 | return ERR_PTR(-ENOENT); | |
410 | ||
411 | /* | |
412 | * If real upper dentry is connected and hashed, get a connected | |
413 | * overlay dentry with the same path as the real upper dentry. | |
414 | */ | |
415 | return ovl_lookup_real(sb, upper, &upper_layer); | |
416 | } | |
417 | ||
8556a420 AG |
418 | static struct dentry *ovl_upper_fh_to_d(struct super_block *sb, |
419 | struct ovl_fh *fh) | |
420 | { | |
421 | struct ovl_fs *ofs = sb->s_fs_info; | |
422 | struct dentry *dentry; | |
423 | struct dentry *upper; | |
424 | ||
425 | if (!ofs->upper_mnt) | |
426 | return ERR_PTR(-EACCES); | |
427 | ||
428 | upper = ovl_decode_fh(fh, ofs->upper_mnt); | |
429 | if (IS_ERR_OR_NULL(upper)) | |
430 | return upper; | |
431 | ||
f71bd9cf | 432 | dentry = ovl_get_dentry(sb, upper, NULL, NULL); |
8556a420 AG |
433 | dput(upper); |
434 | ||
435 | return dentry; | |
436 | } | |
437 | ||
f941866f AG |
438 | static struct dentry *ovl_lower_fh_to_d(struct super_block *sb, |
439 | struct ovl_fh *fh) | |
440 | { | |
441 | struct ovl_fs *ofs = sb->s_fs_info; | |
442 | struct ovl_path origin = { }; | |
443 | struct ovl_path *stack = &origin; | |
444 | struct dentry *dentry = NULL; | |
f71bd9cf | 445 | struct dentry *index = NULL; |
f941866f AG |
446 | int err; |
447 | ||
f71bd9cf AG |
448 | /* First lookup indexed upper by fh */ |
449 | if (ofs->indexdir) { | |
450 | index = ovl_get_index_fh(ofs, fh); | |
451 | err = PTR_ERR(index); | |
452 | if (IS_ERR(index)) | |
453 | return ERR_PTR(err); | |
454 | } | |
455 | ||
456 | /* Then lookup origin by fh */ | |
f941866f | 457 | err = ovl_check_origin_fh(ofs, fh, NULL, &stack); |
f71bd9cf AG |
458 | if (err) { |
459 | goto out_err; | |
460 | } else if (index) { | |
461 | err = ovl_verify_origin(index, origin.dentry, false); | |
462 | if (err) | |
463 | goto out_err; | |
464 | } | |
f941866f | 465 | |
f71bd9cf | 466 | dentry = ovl_get_dentry(sb, NULL, &origin, index); |
f941866f | 467 | |
f71bd9cf AG |
468 | out: |
469 | dput(origin.dentry); | |
470 | dput(index); | |
f941866f | 471 | return dentry; |
f71bd9cf AG |
472 | |
473 | out_err: | |
474 | dentry = ERR_PTR(err); | |
475 | goto out; | |
f941866f AG |
476 | } |
477 | ||
8556a420 AG |
478 | static struct dentry *ovl_fh_to_dentry(struct super_block *sb, struct fid *fid, |
479 | int fh_len, int fh_type) | |
480 | { | |
481 | struct dentry *dentry = NULL; | |
482 | struct ovl_fh *fh = (struct ovl_fh *) fid; | |
483 | int len = fh_len << 2; | |
484 | unsigned int flags = 0; | |
485 | int err; | |
486 | ||
487 | err = -EINVAL; | |
488 | if (fh_type != OVL_FILEID) | |
489 | goto out_err; | |
490 | ||
491 | err = ovl_check_fh_len(fh, len); | |
492 | if (err) | |
493 | goto out_err; | |
494 | ||
8556a420 | 495 | flags = fh->flags; |
f941866f AG |
496 | dentry = (flags & OVL_FH_FLAG_PATH_UPPER) ? |
497 | ovl_upper_fh_to_d(sb, fh) : | |
498 | ovl_lower_fh_to_d(sb, fh); | |
8556a420 AG |
499 | err = PTR_ERR(dentry); |
500 | if (IS_ERR(dentry) && err != -ESTALE) | |
501 | goto out_err; | |
502 | ||
503 | return dentry; | |
504 | ||
505 | out_err: | |
506 | pr_warn_ratelimited("overlayfs: failed to decode file handle (len=%d, type=%d, flags=%x, err=%i)\n", | |
507 | len, fh_type, flags, err); | |
508 | return ERR_PTR(err); | |
509 | } | |
510 | ||
3985b70a AG |
511 | static struct dentry *ovl_fh_to_parent(struct super_block *sb, struct fid *fid, |
512 | int fh_len, int fh_type) | |
513 | { | |
514 | pr_warn_ratelimited("overlayfs: connectable file handles not supported; use 'no_subtree_check' exportfs option.\n"); | |
515 | return ERR_PTR(-EACCES); | |
516 | } | |
517 | ||
518 | static int ovl_get_name(struct dentry *parent, char *name, | |
519 | struct dentry *child) | |
520 | { | |
521 | /* | |
522 | * ovl_fh_to_dentry() returns connected dir overlay dentries and | |
523 | * ovl_fh_to_parent() is not implemented, so we should not get here. | |
524 | */ | |
525 | WARN_ON_ONCE(1); | |
526 | return -EIO; | |
527 | } | |
528 | ||
529 | static struct dentry *ovl_get_parent(struct dentry *dentry) | |
530 | { | |
531 | /* | |
532 | * ovl_fh_to_dentry() returns connected dir overlay dentries, so we | |
533 | * should not get here. | |
534 | */ | |
535 | WARN_ON_ONCE(1); | |
536 | return ERR_PTR(-EIO); | |
537 | } | |
538 | ||
8ed5eec9 AG |
539 | const struct export_operations ovl_export_operations = { |
540 | .encode_fh = ovl_encode_inode_fh, | |
8556a420 | 541 | .fh_to_dentry = ovl_fh_to_dentry, |
3985b70a AG |
542 | .fh_to_parent = ovl_fh_to_parent, |
543 | .get_name = ovl_get_name, | |
544 | .get_parent = ovl_get_parent, | |
8ed5eec9 | 545 | }; |